[ad_1]
Apple has unveiled a major security update for two previous versions of its operating systems: Security Update 2020-006, released on Friday evening, aims to improve the security of macOS 10.14 Mojave and macOS 10.13 High Sierra. Fixes two kernel bugs and a bug in the FontParser that could allow an attacker to sneak in malicious code.
Obviously, the gaps are actively exploited
There have been “reports of an exploit for this problem in the wild,” Apple notes. The vulnerabilities have been reported to the manufacturer by Google’s Project Zero, have been actively used for targeted attacks, it was said earlier – further details have not yet been provided. It remains to be seen if there have been or are specific attacks on Macs. In macOS 10.15.7 and iOS / iPadOS 14.2 and the latest versions of watchOS and tvOS they were closed in early November.
Security update 2020-006 is also expected to be the latest update for macOS 10.13 High Sierra. After the introduction of a new version of macOS, Apple usually only provides security updates for the latest and the two previous versions. The parallel security update for the Safari browser (version 14.0.1) is only available for macOS 10.15 and macOS 10.14, as well as for macOS 11.
Another security update for macOS 10.15 and 10.14 is missing
At the same time, with macOS 11 Big Sur (version 11.0.1), the group fixed a long list of other security gaps, including critical ones. An attacker could use the vulnerabilities “to expand their privileges, execute code, view sensitive data, manipulate data, cause a program crash, perform a cross-site scripting attack, or bypass security mechanisms,” warns citizen CERT from BSI and recommends installing the update as soon as possible.
Anyone who loaded macOS 11 after it was released by Apple should already be on 11.0.1, Apple’s new ARM Macs apparently still ship with 11.0, which should then be updated immediately.
For users who want or need to stay on macOS 10.15 or macOS 10.14, there is no security update yet. When Apple will deliver this is unclear.
(lbe)
.
[ad_2]
Source link